Description
Query PR
Language
Python
CVE(s) ID list
- CVE-2020-27197
Blind SSRF in OpenTaxii eclecticiq/OpenTAXII#176
[CVE-2020-27197] Avoid SSRF on parsing XML TAXIIProject/libtaxii#247
Other: https://lgtm.com/query/5777911924609612713/
CWE
CWE-918: Server-Side Request Forgery (SSRF)
Report
1. What is the vulnerability?
Added sinks to the CodeQL Python SSRF (CWE-918) model. Modeled Python libraries: Aiohttp, Httpx, Libtaxii, Urllib, Urllib2, Urllib3.
2. How does the vulnerability work?
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
3. What strategy do you use in your query to find the vulnerability?
Added sinks for the libraries listed above to the CodeQL Python CWE-918 model.
4. What have you done to reduce the number of false positives?
No sanitizer has been modeled yet.
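The CWE-918 pattern described in question 2, and the kind of destination check that a sanitizer model (question 4) would need to recognise, as an added example in Python. This is a constructed illustration, not code from the submission, from OpenTAXII or from libtaxii; the handler names, the allowlist and the fake resolver are assumptions.

```python
# Added example, not code from the submission or from OpenTAXII/libtaxii.
# Shows the CWE-918 shape the report describes: a handler that fetches a URL
# supplied by an upstream component, first passing it straight to a urllib
# sink, then only after a destination check. All names are constructed.
import ipaddress
import socket
import urllib.request
from urllib.parse import urlparse

# Constructed allowlist: the only destinations this service is expected to reach.
ALLOWED_HOSTS = {"feeds.example.org", "taxii.example.net"}
ALLOWED_SCHEMES = {"https"}


class DestinationRejected(ValueError):
    """Raised when a user-supplied URL fails the destination checks."""


def vulnerable_fetch(user_url: str) -> bytes:
    # CWE-918: the caller-controlled URL reaches the urllib sink unchanged,
    # so the server can be pointed at loopback or internal address space.
    # Kept only to show the sink shape the CodeQL model flags.
    return urllib.request.urlopen(user_url).read()


def validate_destination(user_url: str, resolve=socket.gethostbyname) -> str:
    """Return the URL if it targets an expected, globally routable host; else raise.

    `resolve` is injectable so the check can be exercised without DNS.
    """
    parsed = urlparse(user_url)
    if parsed.scheme not in ALLOWED_SCHEMES:
        raise DestinationRejected(f"scheme not allowed: {parsed.scheme!r}")
    # Reject userinfo: "https://feeds.example.org@127.0.0.1/" has hostname 127.0.0.1.
    if parsed.username is not None or parsed.password is not None:
        raise DestinationRejected("userinfo in URL")
    host = parsed.hostname  # urlparse already lower-cases this
    if host is None or host not in ALLOWED_HOSTS:
        raise DestinationRejected(f"host not allowed: {host!r}")
    # Even an allowlisted name must resolve to a public address, not loopback,
    # link-local or RFC 1918 space.
    addr = ipaddress.ip_address(resolve(host))
    if not addr.is_global:
        raise DestinationRejected(f"{host} resolves to non-global address {addr}")
    return parsed.geturl()


def is_allowed(user_url: str, resolve=socket.gethostbyname) -> bool:
    """Boolean form of validate_destination, convenient for tests and logging."""
    try:
        validate_destination(user_url, resolve=resolve)
    except DestinationRejected:
        return False
    return True


def safe_fetch(user_url: str, resolve=socket.gethostbyname,
               opener=urllib.request.urlopen) -> bytes:
    # Same sink as vulnerable_fetch, but the URL only reaches it after the check.
    return opener(validate_destination(user_url, resolve=resolve)).read()


if __name__ == "__main__":
    # Constructed resolver so the demo runs offline.
    def fake_dns(host):
        return {"feeds.example.org": "8.8.8.8", "taxii.example.net": "8.8.4.4"}[host]

    for candidate in (
        "https://feeds.example.org/taxii/collections",
        "http://feeds.example.org/",
        "https://127.0.0.1:8080/admin",
        "https://feeds.example.org@127.0.0.1/",
    ):
        print(("allowed  " if is_allowed(candidate, fake_dns) else "rejected ") + candidate)
```

Two caveats a reviewer would raise against even the hardened form: resolving the name here and connecting later is a time-of-check/time-of-use gap (DNS rebinding), so production code should pin the resolved address at connect time or route outbound requests through an egress proxy that enforces the allowlist; and `urlopen` follows redirects by default, so either redirects must be disabled or each hop re-validated, otherwise an allowlisted host can redirect the request to an internal one.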
5. Other information?
None.
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
- Yes
- No
Blog post link
No response